We sat down with David Langlands, Todyl’s Chief Security Officer (CSO), to hear how he got his start in security, what led him to Todyl, and how he’s been able to succeed in the industry.
I have an almost 30-year career in enterprise infrastructure and security. At the University of Illinois, I was an English major but loved programming and taking computers apart and putting them back together. I wound up working with Marc Andreesen’s team, building the world’s first web browsers and servers. It was an awesome opportunity to see just how much the internet could change the world.
Upon graduating, I built large-scale networks for AT&T. While there, I saw a lot of my peers set out to build startups. At the same time, I was using an ISP that I kept having problems with, so much so that I got to know many people there from support calls. One day, I said “Hey, I used to build networks at AT&T, maybe I can help you out.”
Originally, it was just so my home ISDN would work better, but I ended up as their Chief Architect. Cybersecurity was baked into the networking and infrastructure teams. As much as I excelled at networking, cybersecurity was always the most interesting part.
Fast forward a few years, cybersecurity was a major part of the picture—especially as more people from the military and intelligence community joined the private sector. I joined SecureWorks and built their Adversary group. I built the team from just me and a handful of consultants to 100 strong, driving red team engagements and many physical security tests. During that time, they asked me to run the Governance, Risk and Compliance (GRC) side as well. During my tenure, many companies tried to move towards a platform approach like Todyl’s, but even now it still seems like they are playing catchup.
Knowing the challenges my peers and I faced, Todyl seemed like an incredible opportunity. What excites me is we’re building a true full-stack platform, consolidating end-to-end security controls into one view.
In the past, I’ve worked with many solutions that claim to accomplish this with a unified portal, but in reality they’re still incorporating disparate tools from multiple vendors. You can’t anticipate what one vendor changes on their side, often to the customer’s detriment. Those problems run from enterprises to small businesses and MSPs. With Todyl, you have much more control over it.
Then, I got to meet the people. Everyone here is committed to the mission and at the top of their game.
As CSO, I’m responsible for up leveling our security product. The platform is already great, and we always push it to be better. With the way threat actors evolve, we need to be just as adaptive. I’m focused on expanding our detection and response capabilities while bringing the best talent to our security team.
I will spearhead a threat hunting and intelligence motion where we can explain threats to multiple audiences, both technical and non-technical. I also will create more opportunities to show the product in action, including live demos stopping TTPs of known threat actors. I want to demonstrate that Todyl delivers beyond what we say it does.
Beyond that, I’m committed to keeping and exceeding our KPIs: response times and their SLAs, false positive tuning, red team our own platforms, and so much more. Each activity will help us take a proactive approach to providing the best possible security product and enabling our partners to succeed in protecting their clients.
I have two kids, one who just finished her freshmen year at the University of Georgia and the other who’s a junior looking to get into computer science. I also play a lot of tennis, which is big down in Atlanta. I’ve even won a couple city championships at my skill level.
What I’ve found is that the community, both in security and the MSP space, is receptive to sharing knowledge. If you find yourself in a space where people aren’t willing to share knowledge with you, you’re in the wrong spot. The security community is a very friendly place to get advice and very willing to mentor new members.
Get out, go to security events, and be involved. Sit and listen, find a mentor, check out security podcasts, blogs, and great conference presentations on YouTube. Forge your path in security. It’s a fun place to be where you can go out and find your passion.